A Chinese hacking group flagged as APT15 is targeting foreign affairs ministries in the Americas with a new backdoor named Graphican.
June 22, 2023 By Ionut Arghire
Anti-malware vendor Symantec is warning that a China-linked hacking group flagged as APT15 is targeting foreign affairs ministries in the Americas with a new backdoor named Graphican.
As part of an attack campaign running from late 2022 to early 2023, the threat actor used the new Graphican backdoor alongside multiple living-off-the-land tools.
Symantec noted that Graphican has the same functionality as Ketrican, a backdoor that APT15 used in previous attacks, but uses the Microsoft Graph API to connect to OneDrive and retrieve its command-and-control (C&C) information. Based on commands received from the C&C server, Graphican can create an interactive command line, create files, download files, and create processes with hidden windows.
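As an added defender-side illustration (not code from the Symantec report or this article), the following hunt flags processes that reach Microsoft Graph's OneDrive endpoints without being a known sync, Office or browser client, the attribution problem that C&C over a legitimate cloud API creates. The allowlist of expected clients and the EDR-style JSON events are constructed assumptions to tune for a given environment.

```python
"""Hunt for Graph/OneDrive requests made by unexpected processes.
Added example; input is constructed EDR-style JSON lines, not real telemetry."""
import json
import ntpath
from typing import Dict, List

# Assumption: processes that legitimately talk to Graph/OneDrive in this estate.
EXPECTED_GRAPH_CLIENTS = {
    "onedrive.exe", "outlook.exe", "teams.exe", "excel.exe", "winword.exe",
    "msedge.exe", "chrome.exe", "firefox.exe",
}
GRAPH_HOSTS = {"graph.microsoft.com"}

# Constructed sample telemetry: one legitimate sync client, one unexpected one.
SAMPLE_EVENTS = r"""
{"ts": "2023-01-12T09:01:02Z", "host": "WS-17", "image": "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe", "dst_host": "graph.microsoft.com", "url_path": "/v1.0/me/drive/root/children"}
{"ts": "2023-01-12T09:03:44Z", "host": "WS-17", "image": "C:\\Windows\\Temp\\svchost.exe", "dst_host": "graph.microsoft.com", "url_path": "/v1.0/me/drive/root:/cfg:/children"}
{"ts": "2023-01-12T09:05:10Z", "host": "WS-22", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "dst_host": "graph.microsoft.com", "url_path": "/v1.0/me/messages"}
{"ts": "2023-01-12T09:07:31Z", "host": "WS-22", "image": "C:\\Users\\Public\\update.exe", "dst_host": "www.example.com", "url_path": "/"}
"""


def is_drive_request(event: Dict) -> bool:
    """True when the request targets Graph and a OneDrive (drive) resource."""
    if event.get("dst_host", "").lower() not in GRAPH_HOSTS:
        return False
    path = event.get("url_path", "").lower()
    return "/drive" in path  # covers /me/drive, /drives/{id}, /users/{id}/drive


def hunt_graph_c2(jsonl: str) -> List[Dict]:
    """Return Graph drive requests whose process is not an expected client."""
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if not is_drive_request(event):
            continue
        proc = ntpath.basename(event.get("image", "")).lower()
        if proc in EXPECTED_GRAPH_CLIENTS:
            continue  # known sync/Office/browser client; proxy logs alone can't tell
        findings.append({"host": event["host"], "image": event["image"],
                         "url_path": event["url_path"],
                         "reason": "unexpected process using Graph drive API"})
    return findings


if __name__ == "__main__":
    for finding in hunt_graph_c2(SAMPLE_EVENTS):
        print(finding)
```

Because the destination is a legitimate Microsoft endpoint, the useful signal is the originating process and its image path, not the domain, so the events must carry process attribution rather than proxy-only fields.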